Posted by J.O. Aho on 07/16/06 12:21

dimo414 wrote:
> I agree with the suggestion to keep username/password files outside the
> web root. If you cannot do this (such as scripts like PHPBB and
> Coppermine) place the username/passwords inside a PHP file as varibles
> which can be included in any needed scripts, this way, if someone knows
> the name of the password file, and tries to view it, all they will see
> is a blank screen, as the PHP was parsed and dealt with before being
> sent out.
>

You can move the file outside the web-root too, move the file to a secure
location, create a new file with the same name in the same location and you
just add the include_once/include line to include the original configuration
file, this works fine as long as there aren't any include lines in the
original file, if there are, you need to change those to include an absolute
path to the included files instead of relative paths.


//Aho

• Next in forum: Re: warning header("Location: file.php")
• Prev in forum: SORRY, did not mean to crosspost.
• Thread view: Re: Best practice regarding MySQL username/pw in script file??

[Reply to this message]